Sign-up

ID

VAR-202203-1898


CVE

CVE-2022-0342


TITLE

plural  ZyXEL  Product certification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-007481

DESCRIPTION

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. USG40 firmware, USG40W firmware, USG60 firmware etc. ZyXEL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-0342 // JVNDB: JVNDB-2022-007481 // VULMON: CVE-2022-0342

AFFECTED PRODUCTS

vendor:zyxelmodel:atp100wscope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:zywall 110scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:zywall 1100scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:usg60scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp200scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:zywall 310scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg60wscope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:zywall 1100scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:usg60scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:usg40scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:nsg300scope:ltversion:1.33

Trust: 1.0

vendor:zyxelmodel:nsg300scope:gteversion:1.20

Trust: 1.0

vendor:zyxelmodel:zywall 310scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:usg40wscope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp800scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg60wscope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:nsg300scope:eqversion:1.33

Trust: 1.0

vendor:zyxelmodel:atp700scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:zywall 110scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp100scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:usg40scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:atp500scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg40wscope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg40scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg 310scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg60wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:zywall 110scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg40wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg60scope: - version: -

Trust: 0.8

vendor:zyxelmodel:zywall 1100scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-0342
value: CRITICAL

Trust: 1.8

security@zyxel.com.tw: CVE-2022-0342
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202203-2311
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-0342
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-0342
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-0342
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-0342 // JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342 // NVD: CVE-2022-0342 // CNNVD: CNNVD-202203-2311

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2311

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-2311

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-0342

PATCH
title:Zyxel USG/ZyWALL Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187770
Trust: 0.6
title: - url:https://github.com/f1tao/awesome-iot-security-resource 
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/zyxel-patches-critical-bug-affecting-firewall-and-vpn-devices/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-0342 // 
            
            
            
            CNNVD: CNNVD-202203-2311

EXTERNAL IDS
db:NVDid:CVE-2022-0342
Trust: 3.3
db:JVNDBid:JVNDB-2022-007481
Trust: 0.8
db:CS-HELPid:SB2022033003
Trust: 0.6
db:CNNVDid:CNNVD-202203-2311
Trust: 0.6
db:VULMONid:CVE-2022-0342
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-0342 // 
            
            
            
            JVNDB: JVNDB-2022-007481 // 
            
            
            
            NVD: CVE-2022-0342 // 
            
            
            
            CNNVD: CNNVD-202203-2311

REFERENCES
url:https://www.zyxel.com/support/zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-0342
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2022033003
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-0342/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.bleepingcomputer.com/news/security/zyxel-patches-critical-bug-affecting-firewall-and-vpn-devices/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-0342 // 
            
            
            
            JVNDB: JVNDB-2022-007481 // 
            
            
            
            NVD: CVE-2022-0342 // 
            
            
            
            CNNVD: CNNVD-202203-2311

SOURCES
db:VULMONid:CVE-2022-0342
db:JVNDBid:JVNDB-2022-007481
db:NVDid:CVE-2022-0342
db:CNNVDid:CNNVD-202203-2311

LAST UPDATE DATE
2023-12-18T14:04:01.403000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-0342date:2022-04-04T00:00:00
db:JVNDBid:JVNDB-2022-007481date:2023-07-14T08:38:00
db:NVDid:CVE-2022-0342date:2022-04-04T17:27:58.343
db:CNNVDid:CNNVD-202203-2311date:2022-04-06T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-0342date:2022-03-28T00:00:00
db:JVNDBid:JVNDB-2022-007481date:2023-07-14T00:00:00
db:NVDid:CVE-2022-0342date:2022-03-28T13:15:07.747
db:CNNVDid:CNNVD-202203-2311date:2022-03-28T00:00:00